As part of the release of macOS Sonoma 14.0.0, there is a bug which may be triggered if you have deployed a configuration profile which sets password rules for local accounts. An example profile is shown below:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8"?> | |
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
<plist version="1.0"> | |
<dict> | |
<key>PayloadContent</key> | |
<array> | |
<dict> | |
<key>PayloadDisplayName</key> | |
<string>Passcode</string> | |
<key>PayloadIdentifier</key> | |
<string>com.apple.mobiledevice.passwordpolicy.3BCA8E01-3CB9-4D6B-8338-518C51B80AAF</string> | |
<key>PayloadType</key> | |
<string>com.apple.mobiledevice.passwordpolicy</string> | |
<key>PayloadUUID</key> | |
<string>F0B7EB5D-5DF1-4DDC-8A80-01CA458E6157</string> | |
<key>PayloadVersion</key> | |
<integer>1</integer> | |
<key>allowSimple</key> | |
<false/> | |
<key>forcePIN</key> | |
<true/> | |
<key>maxFailedAttempts</key> | |
<integer>10</integer> | |
<key>minLength</key> | |
<integer>15</integer> | |
<key>minutesUntilFailedLoginReset</key> | |
<integer>15</integer> | |
<key>requireAlphanumeric</key> | |
<true/> | |
</dict> | |
</array> | |
<key>PayloadDescription</key> | |
<string>Sets password rules for local accounts on this Mac.</string> | |
<key>PayloadDisplayName</key> | |
<string>Local Account Password Rules</string> | |
<key>PayloadIdentifier</key> | |
<string>com.company.9EF1E03A-5DEB-4D1F-9E14-D76AFF153C35</string> | |
<key>PayloadOrganization</key> | |
<string>Company Name</string> | |
<key>PayloadType</key> | |
<string>Configuration</string> | |
<key>PayloadUUID</key> | |
<string>40829036-5EAF-42C9-9678-D27F0C28654B</string> | |
<key>PayloadVersion</key> | |
<integer>1</integer> | |
</dict> | |
</plist> |
In those cases, you may see one or the other following notifications when you log into macOS Sonoma for the first time.
These notifications don’t actually indicate a problem and clicking on them does nothing but make the messages disappear. However, for shops which are using profiles which set local account password rules, these messages will almost certainly cause tickets asking “What is this and what does it mean?” from your user community.
I have filed feedback with Apple regarding this issue. For those wishing to reference it, it is Feedback # FB12845634.
For the initial release of Sonoma, the best solution identified so far is to suppress the notifications for local password management, to make sure that these notifications don’t appear until Apple releases an update to macOS Sonoma which addresses this problem. To assist with this, I have an example profile available from the link below:
https://github.com/rtrouton/profiles/tree/main/DisableAppleLocalUserAccountPasswordNotifications
Note: The example profile linked above will suppress all local account password policy notifications. If you are using local account password policy notifications for other purposes, this solution may not work for you.
The component in macOS which generates the local account password notifications also exists on macOS Ventura, so you should be able to deploy a profile like the one linked above to macOS Ventura. This should ensure that Macs upgrading to macOS Sonoma also have these notifications suppressed from the start on macOS Sonoma 14.0.0.